├── CISA Alert AA22-110A
    ├── APT28.json
    ├── APT29.json
    ├── Dragonfly.json
    ├── Gamaredon_Group.json
    ├── Havex.json
    ├── README.md
    ├── Sandworm_Team.json
    ├── Smoke_Loader.json
    ├── TEMP.Veles.json
    ├── Turla.json
    ├── WellMess.json
    ├── Wizard_Spider.json
    ├── combined.json
    └── combined.png
├── CISA Alert AA22-216A
    ├── AZORult.json
    ├── Agent_Tesla.json
    ├── CISA Top Malware Report - TTP Detection & Test Mapping Counts.csv
    ├── CISA_Alert_AA22-216A_-_All_Malware_Combined.json
    ├── CISA_Alert_AA22-216A_-_All_Malware_Combined_sorted.json
    ├── Formbook.json
    ├── GootLoader.json
    ├── LokiBot.json
    ├── MOUSEISLAND.json
    ├── NanoCore.json
    ├── Qakbot.json
    ├── Remcos.json
    ├── TrickBot.json
    ├── Ursnif.json
    ├── d3fend_cisaBlog.csv
    └── d3fend_cisaBlog.xlsx
├── Current Intelligence Reports
    ├── BumbleBee Roasts Its Way to Domain Admin – The DFIR Report.json
    ├── Karakurt Data Extortion Group CISA.json
    ├── LockBit 3.0 Update Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques - SentinelOne.json
    ├── SELECT XMRig FROM SQLServer.json
    └── current_intel_index.json
├── LICENSE
├── README.md
├── Recorded_Future_2021_Malware_and_TTP_Threat_Landscape
    ├── README.md
    └── Recorded_Future_2021_Malware_and_TTP_Threat_Landscape.json
├── Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques
    ├── README.md
    └── Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques.json
├── Red Canary 2022 Threat Detection Report
    ├── README.md
    └── Red_Canary_2022_Threat_Detection_Report.json
├── Russia-TTP-Mappings
    ├── README.md
    ├── actor-groups
    │   ├── APT28.json
    │   ├── APT29.json
    │   ├── DEV-0586 : WhisperGate.json
    │   ├── Gamaredon Group.json
    │   └── Sandworm.json
    ├── combined-sorted.json
    ├── combined.json
    ├── malware
    │   ├── Conti.json
    │   └── Cyclops Blink.json
    └── russia-ukraineTTPs.png
├── Stealer Malware
    ├── Astaroth.json
    ├── Chaes.json
    ├── Jester Stealer.json
    ├── Lokibot.json
    ├── OwaAuth.json
    ├── QuietSieve.json
    ├── README.md
    ├── ThiefQuest.json
    ├── Valak.json
    ├── combined.json
    └── combined.png
└── base.json

/CISA Alert AA22-110A/APT28.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/APT28.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/APT29.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/APT29.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Dragonfly.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Dragonfly.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Gamaredon_Group.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Gamaredon_Group.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Havex.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Havex.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/README.md
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Sandworm_Team.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Sandworm_Team.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Smoke_Loader.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Smoke_Loader.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/TEMP.Veles.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/TEMP.Veles.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Turla.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Turla.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/WellMess.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/WellMess.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/Wizard_Spider.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/Wizard_Spider.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/combined.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/combined.json
--------------------------------------------------------------------------------

/CISA Alert AA22-110A/combined.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-110A/combined.png
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/AZORult.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/AZORult.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/Agent_Tesla.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/Agent_Tesla.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/CISA Top Malware Report - TTP Detection & Test Mapping Counts.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/CISA Top Malware Report - TTP Detection & Test Mapping Counts.csv
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/CISA_Alert_AA22-216A_-_All_Malware_Combined.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/CISA_Alert_AA22-216A_-_All_Malware_Combined.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/CISA_Alert_AA22-216A_-_All_Malware_Combined_sorted.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/CISA_Alert_AA22-216A_-_All_Malware_Combined_sorted.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/Formbook.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/Formbook.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/GootLoader.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/GootLoader.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/LokiBot.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/LokiBot.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/MOUSEISLAND.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/MOUSEISLAND.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/NanoCore.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/NanoCore.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/Qakbot.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/Qakbot.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/Remcos.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/Remcos.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/TrickBot.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/TrickBot.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/Ursnif.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/Ursnif.json
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/d3fend_cisaBlog.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/d3fend_cisaBlog.csv
--------------------------------------------------------------------------------

/CISA Alert AA22-216A/d3fend_cisaBlog.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/CISA Alert AA22-216A/d3fend_cisaBlog.xlsx
--------------------------------------------------------------------------------

/Current Intelligence Reports/BumbleBee Roasts Its Way to Domain Admin – The DFIR Report.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Current Intelligence Reports/BumbleBee Roasts Its Way to Domain Admin – The DFIR Report.json
--------------------------------------------------------------------------------

/Current Intelligence Reports/Karakurt Data Extortion Group CISA.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Current Intelligence Reports/Karakurt Data Extortion Group CISA.json
--------------------------------------------------------------------------------

/Current Intelligence Reports/LockBit 3.0 Update Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques - SentinelOne.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Current Intelligence Reports/LockBit 3.0 Update Unpicking the Ransomware's Latest Anti-Analysis and Evasion Techniques - SentinelOne.json
--------------------------------------------------------------------------------

/Current Intelligence Reports/SELECT XMRig FROM SQLServer.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Current Intelligence Reports/SELECT XMRig FROM SQLServer.json
--------------------------------------------------------------------------------

/Current Intelligence Reports/current_intel_index.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Current Intelligence Reports/current_intel_index.json
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/README.md
--------------------------------------------------------------------------------

/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape/README.md
--------------------------------------------------------------------------------

/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape/Recorded_Future_2021_Malware_and_TTP_Threat_Landscape.json
--------------------------------------------------------------------------------

/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques/README.md
--------------------------------------------------------------------------------

/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques/Recorded_Future_5_Common_Ransomware_ATT&CK_Techniques.json
--------------------------------------------------------------------------------

/Red Canary 2022 Threat Detection Report/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Red Canary 2022 Threat Detection Report/README.md
--------------------------------------------------------------------------------

/Red Canary 2022 Threat Detection Report/Red_Canary_2022_Threat_Detection_Report.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Red Canary 2022 Threat Detection Report/Red_Canary_2022_Threat_Detection_Report.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/README.md
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/actor-groups/APT28.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/actor-groups/APT28.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/actor-groups/APT29.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/actor-groups/APT29.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/actor-groups/DEV-0586 : WhisperGate.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/actor-groups/DEV-0586 : WhisperGate.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/actor-groups/Gamaredon Group.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/actor-groups/Gamaredon Group.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/actor-groups/Sandworm.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/actor-groups/Sandworm.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/combined-sorted.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/combined-sorted.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/combined.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/combined.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/malware/Conti.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/malware/Conti.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/malware/Cyclops Blink.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/malware/Cyclops Blink.json
--------------------------------------------------------------------------------

/Russia-TTP-Mappings/russia-ukraineTTPs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Russia-TTP-Mappings/russia-ukraineTTPs.png
--------------------------------------------------------------------------------

/Stealer Malware/Astaroth.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/Astaroth.json
--------------------------------------------------------------------------------

/Stealer Malware/Chaes.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/Chaes.json
--------------------------------------------------------------------------------

/Stealer Malware/Jester Stealer.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/Jester Stealer.json
--------------------------------------------------------------------------------

/Stealer Malware/Lokibot.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/Lokibot.json
--------------------------------------------------------------------------------

/Stealer Malware/OwaAuth.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/OwaAuth.json
--------------------------------------------------------------------------------

/Stealer Malware/QuietSieve.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/QuietSieve.json
--------------------------------------------------------------------------------

/Stealer Malware/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/README.md
--------------------------------------------------------------------------------

/Stealer Malware/ThiefQuest.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/ThiefQuest.json
--------------------------------------------------------------------------------

/Stealer Malware/Valak.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/Valak.json
--------------------------------------------------------------------------------

/Stealer Malware/combined.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/combined.json
--------------------------------------------------------------------------------

/Stealer Malware/combined.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/Stealer Malware/combined.png
--------------------------------------------------------------------------------

/base.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tropChaud/Cyber-Adversary-Heatmaps/HEAD/base.json
--------------------------------------------------------------------------------